view | history | commit | commitdiff
Pranav Gaikwad
2020-02-19 f976d40883de3eac6e252f29ff3252a73f23c632
commit | author | age
5d8526 1 ---
DW 2 apiVersion: v1
3 kind: Namespace
4 metadata:
5   annotations:
6     openshift.io/node-selector: ""
7   labels:
8     control-plane: controller-manager
9     controller-tools.k8s.io: "1.0"
3f270a 10   name: "{{ mig_migration_namespace }}"
5d8526 11 ---
DW 12 apiVersion: rbac.authorization.k8s.io/v1beta1
13 kind: RoleBinding
14 metadata:
15   annotations:
16     openshift.io/description: Allows deploymentconfigs in this namespace to rollout
17       pods in this namespace.  It is auto-managed by a controller; remove subjects
18       to disable.
19   name: system:deployers
20   namespace: {{ mig_migration_namespace }}
21 roleRef:
22   apiGroup: rbac.authorization.k8s.io
23   kind: ClusterRole
24   name: system:deployer
25 subjects:
26 - kind: ServiceAccount
27   name: deployer
28   namespace: {{ mig_migration_namespace }}
29 userNames:
3f270a 30 - system:serviceaccount:{{ mig_migration_namespace }}:deployer
5d8526 31 ---
DW 32 apiVersion: rbac.authorization.k8s.io/v1beta1
33 kind: RoleBinding
34 metadata:
35   annotations:
36     openshift.io/description: Allows builds in this namespace to push images to this
37       namespace.  It is auto-managed by a controller; remove subjects to disable.
38   name: system:image-builders
39   namespace: {{ mig_migration_namespace }}
40 roleRef:
41   apiGroup: rbac.authorization.k8s.io
42   kind: ClusterRole
43   name: system:image-builder
44 subjects:
45 - kind: ServiceAccount
46   name: builder
47   namespace: {{ mig_migration_namespace }}
48 userNames:
3f270a 49 - system:serviceaccount:{{ mig_migration_namespace }}:builder
5d8526 50 ---
DW 51 apiVersion: rbac.authorization.k8s.io/v1beta1
52 groupNames:
3f270a 53 - system:serviceaccounts:{{ mig_migration_namespace }}
5d8526 54 kind: RoleBinding
DW 55 metadata:
56   annotations:
57     openshift.io/description: Allows all pods in this namespace to pull images from
58       this namespace.  It is auto-managed by a controller; remove subjects to disable.
59   creationTimestamp: null
60   name: system:image-pullers
61   namespace: {{ mig_migration_namespace }}
62 roleRef:
63   apiGroup: rbac.authorization.k8s.io
64   kind: ClusterRole
65   name: system:image-puller
66 subjects:
67 - kind: Group
3f270a 68   name: system:serviceaccounts:{{ mig_migration_namespace }}
5d8526 69 ---
DW 70 apiVersion: v1
71 kind: ServiceAccount
72 metadata:
73   name: migration-operator
3f270a 74   namespace: "{{ mig_migration_namespace }}"
5d8526 75 ---
DW 76 apiVersion: apiextensions.k8s.io/v1beta1
77 kind: CustomResourceDefinition
78 metadata:
79   name: migrationcontrollers.migration.openshift.io
80 spec:
81   group: migration.openshift.io
82   names:
83     kind: MigrationController
84     listKind: MigrationControllerList
85     plural: migrationcontrollers
86     singular: migrationcontroller
87   scope: Namespaced
88   subresources:
89     status: {}
90   version: v1alpha1
91   versions:
92   - name: v1alpha1
93     served: true
94     storage: true
95 ---
96 apiVersion: rbac.authorization.k8s.io/v1beta1
97 kind: Role
98 metadata:
99   creationTimestamp: null
100   name: migration-operator
3f270a 101   namespace: "{{ mig_migration_namespace }}"
5d8526 102 rules:
DW 103 - apiGroups:
104   - ""
105   resources:
106   - pods
107   - services
108   - endpoints
109   - persistentvolumeclaims
110   - events
111   - configmaps
112   - secrets
113   verbs:
114   - '*'
115 - apiGroups:
116   - apps
117   resources:
118   - deployments
119   - daemonsets
120   - replicasets
121   - statefulsets
122   verbs:
123   - '*'
124 - apiGroups:
125   - monitoring.coreos.com
126   resources:
127   - servicemonitors
128   verbs:
129   - get
130   - create
131 - apiGroups:
132   - apps
133   resourceNames:
134   - mig-operator
135   resources:
136   - deployments/finalizers
137   verbs:
138   - update
139 - apiGroups:
140   - migration.openshift.io
141   resources:
142   - '*'
143   verbs:
144   - '*'
145 ---
146 kind: RoleBinding
147 apiVersion: rbac.authorization.k8s.io/v1beta1
148 metadata:
149   name: migration-operator
3f270a 150   namespace: "{{ mig_migration_namespace }}"
5d8526 151 subjects:
DW 152 - kind: ServiceAccount
153   name: migration-operator
154 roleRef:
155   kind: Role
156   name: migration-operator
157   apiGroup: rbac.authorization.k8s.io
158 ---
159 apiVersion: rbac.authorization.k8s.io/v1beta1
160 kind: ClusterRoleBinding
161 metadata:
162   name: migration-operator
163 roleRef:
164   apiGroup: rbac.authorization.k8s.io
165   kind: ClusterRole
166   name: cluster-admin
167 subjects:
168   - kind: ServiceAccount
169     name: migration-operator
3f270a 170     namespace: "{{ mig_migration_namespace }}"
JM 171 namespace: "{{ mig_migration_namespace }}"
5d8526 172 ---
DW 173 apiVersion: apps/v1beta1
174 kind: Deployment
175 metadata:
176   name: migration-operator
3f270a 177   namespace: "{{ mig_migration_namespace }}"
5d8526 178   labels:
3f270a 179     app: migration
5d8526 180 spec:
DW 181   selector:
182     matchLabels:
3f270a 183       app: migration
5d8526 184   template:
DW 185     metadata:
186       labels:
3f270a 187         app: migration
5d8526 188     spec:
DW 189       serviceAccountName: migration-operator
190       containers:
191       - name: ansible
192         command:
193         - /usr/local/bin/ao-logs
194         - /tmp/ansible-operator/runner
195         - stdout
3f270a 196         image: registry.redhat.io/rhcam-1-1/{{ mig_migration_namespace }}-rhel7-operator:v1.1
5d8526 197         imagePullPolicy: Always
DW 198         volumeMounts:
199         - mountPath: /tmp/ansible-operator/runner
200           name: runner
201           readOnly: true
202       - name: operator
3f270a 203         image: registry.redhat.io/rhcam-1-1/{{ mig_migration_namespace }}-rhel7-operator:v1.1
5d8526 204         imagePullPolicy: Always
DW 205         volumeMounts:
206         - mountPath: /tmp/ansible-operator/runner
207           name: runner
208         env:
209         - name: OPERATOR_NAME
210           value: migration-operator
211         - name: POD_NAME
212           valueFrom:
213             fieldRef:
214               fieldPath: metadata.name
215         - name: WATCH_NAMESPACE
216           valueFrom:
217             fieldRef:
218               fieldPath: metadata.namespace
219         - name: REGISTRY
220           value: registry.redhat.io
221         - name: PROJECT
3f270a 222           value: rhcam-1-1
5d8526 223         - name: MIG_CONTROLLER_REPO
3f270a 224           value: {{ mig_migration_namespace }}-controller-rhel8@sha256
5d8526 225         - name: MIG_UI_REPO
3f270a 226           value: {{ mig_migration_namespace }}-ui-rhel8@sha256
JM 227         - name: MIGRATION_REGISTRY_REPO
228           value: {{ mig_migration_namespace }}-registry-rhel8@sha256
229         - name: MIGRATION_REGISTRY_TAG
230           value: 0ae610db4f73b6a5353c4821165bd60a8c4e86ac5ba5f1d60cd532f5bcd814bd
5d8526 231         - name: VELERO_REPO
3f270a 232           value: {{ mig_migration_namespace }}-velero-rhel8@sha256
5d8526 233         - name: VELERO_PLUGIN_REPO
3f270a 234           value: {{ mig_migration_namespace }}-plugin-rhel8@sha256
5d8526 235         - name: VELERO_RESTIC_RESTORE_HELPER_REPO
3f270a 236           value: {{ mig_migration_namespace }}-velero-restic-restore-helper-rhel8@sha256
JM 237         - name: VELERO_AWS_PLUGIN_REPO
238           value: {{ mig_migration_namespace }}-velero-plugin-for-aws-rhel8@sha256
239         - name: VELERO_GCP_PLUGIN_REPO
240           value: {{ mig_migration_namespace }}-velero-plugin-for-gcp-rhel8@sha256
241         - name: VELERO_AZURE_PLUGIN_REPO
242           value: {{ mig_migration_namespace }}-velero-plugin-for-microsoft-azure-rhel8@sha256
243         - name: VELERO_TAG
244           value: db2997115d8a0767d61038e14f48170dc53d3c54b977184e7ecb37ead2f131da
5d8526 245         - name: VELERO_RESTIC_RESTORE_HELPER_TAG
3f270a 246           value: 44f0362c8570d707582bd428aaf18f390ce915ef72cdeb60cf2699171dbda3c8
JM 247         - name: VELERO_PLUGIN_TAG
248           value: 94d5f45f5e8236614e124d2753da7165b913b0e2d8199f164d8f2d208339e85e
249         - name: VELERO_AWS_PLUGIN_TAG
250           value: 460dfc455de7ee6a2e49d17d5227c5d653340197b7ad9ed430576c35f4651f4d
251         - name: VELERO_GCP_PLUGIN_TAG
252           value: 44f40ff5a3c8ad9b76105e2b8fc5bd04692464cc4aa683da2cf83b3336200863
253         - name: VELERO_AZURE_PLUGIN_TAG
254           value: 9e69f2af712452218cde0c3325c60f9e1eb4624bcaff67770822b60f2e19ac60
255         - name: MIG_UI_TAG
256           value: ed16db50ffd6614d8f654449bf29003b82d4d5da420419add00fd5ec5b1fd79b
257         - name: MIG_CONTROLLER_TAG
f976d4 258           value: cbdd2cdc2c050bb62c713004497e57bfb9c4f7575dd1ec38e69f41689575d365
5d8526 259       volumes:
DW 260         - name: runner
261           emptyDir: {}